ttls problem...

Alan DeKok aland at
Sat Dec 15 16:06:52 CET 2007

wlan at wrote:
> I tried the most recent cvs head, but had an issue with eap-ttls/pap (it
> would get into an infinite loop with my testing client - the jradius
> simulator). I have noticed a bit of work being done in this area... so,
> I thought I would help test. Anyways, here is what got it to work again for
> me. In eaptls_process(), I commented out an extra check for
> EAPTLS_OK when SSL_is_init_finished since I was seeing status ==


> In tls.c, when SSL_read() returns > 0, I put a return in there since we
> have application data.

  It also needs to call record_init() on the dirty_in buffer.  Without
that, all TLS methods fail in my tests.

> I changed the content_type check to a
> BIO_ctrl_pending() check.

  That's reasonable.

> And, finally, I added a line to ttls.c since I
> was segfaulting from a NULL request->client in a log message. Then it
> worked.

  That fix should be in src/main/util.c, which creates && initializes
the fake request.  That way, the fix applies to both TTLS and to PEAP.

  I've committed the changes.  Please test.  If you could test against
the native MAC implementation of TTLS, that would help a lot, too.

  I tried using jradiusSimulator.  Nice, but it refuses to run the TTLS
tests because I have Java 1.6, not 1.5.

  Alan DeKok.
